This article provides an IVDR checklist for updating your ISO 13485 quality system to comply with EU Regulation 2017/746.
Why I created an IVDR checklist?
Hundreds (if not thousands) of IVD manufacturers are currently updating their ISO 13485:2016 certified quality system from compliance with the In Vitro Diagnostic Directive (i.e. Directive 98/79/EC) or IVDD to the new EU In Vitro Diagnostic Regulation (i.e. Regulation 2017/746). Revision of technical files and the associated procedures for creating your technical files is a big part of these updates. However, there is much more that needs to be updated than just the technical documentation. Therefore, IVD manufacturers are asking Medical Device Academy to conduct remote internal audits of their quality system to identify any gaps. Usually, we conduct internal audits using the process approach to auditing, but this is one of the scenarios where the element approach and an audit checklist are invaluable.
If you would like to download our IVDR checklist for FREE, please fill in the form below.
How do you use an audit checklist?
An audit checklist is used by quality system auditors to collect objective evidence during an audit. This objective evidence verifies compliance with regulatory requirements or internal procedural requirements. If the auditor is unable to find supporting evidence of compliance, the auditor may continue to search for data or identify the requirement as a nonconformity. Typically the checklist is in four columns using a tabular form. The left-hand column lists each requirement. The next column is where the auditor documents records sampled, procedures reviewed, and personnel interviewed. In the third column, the auditor indicates what they were looking for in the records, procedures, or during the interview. Some of the information in the second and third columns can often be entered prior to starting the audit by reviewing audit preparation documents (e.g. procedures and previous audit reports). In the fourth column the auditor will enter the objective evidence for conformity collected during the audit.
How to create an IVDR quality plan
Most of the companies that are preparing for an IVDR audit by their notified body already have ISO 13485:2016 certification and they are using the self-declaration pathway for CE Marking under the IVDD. Under the IVDR, a notified body must now review and approve the technical file. The notified body must also confirm that their quality system has been updated to include the IVDR requirements. The Technical File requirements are found in Annex II and III; while most of the quality system requirements are found in the Articles. The quality system requirements include:
a risk management process in accordance with Annex I – deviations from ISO 14971:2019 will be necessary)
conduct a performance evaluation–including a post-market performance follow-up (PMPF). This requirement is defined in Article 52 and Annex XIII
create and maintain a technical file in accordance with Annex II & III
create and maintain a Declaration of Conformity in accordance with Article 17
CE Mark the product in accordance with Article 18
implement a UDI system in accordance with Article 24, 26, and 28
record retention requirements for the technical file, Declaration of Conformity, and certificates shall be increased from 5 years to 10 years
set-up, implement, and maintain a post-market surveillance system in accordance with Article 78
document a procedure for communication with Competent Authorities, Notified Bodies, Economic Operators, Customers, and/or other Stakeholders
update procedures for reporting of serious incidents and field safety corrective actions in the context of vigilance to require reporting within 15 calendar days
update the product labeling to comply with Annex I, section 20
revise the translation procedure to ensure translations of the instructions for use are available in all required languages of the member states, and make sure these translations are available on the company website
create a procedure for utilization of the Eudamed database for registration, CE Marking applications, UDI data entry, and vigilance reporting
Which IVDR requirements are already met by your quality system?
Some companies also manufacture medical devices that must comply with Regulation (EU) 2017/745. For those companies, many of the above requirements are already incorporated into their quality system. In this case, you should still include all of the IVDR checklist requirements in your plan, but you should indicate that the requirement has already been met and audited previously.
Content related to our IVDR checklist
On Friday, April 1, 2022 @ 11 am EDT (8 am Pacific), Rob Packard will be Joe Hage’s guest speaker on the weekly MDG Premium Live video (please click on the link to register). The topic of the live presentation will be “How to create an IVDR quality plan.” #MedicalDevices#MDGpremium
You are familiar with design and process risk analysis, but do you know all four types of risk analysis?
Last week’s YouTube live streaming video answered the question, “What are the four different types of risk analysis?” Everyone in the medical device industry is familiar with ISO 14971:2019 as the standard for medical device risk management, but most of us are only familiar with two or three ways to analyze risks. Most people immediately think that this is going to be a tutorial about four different tools for risk management (e.g. FMEA, Fault Tree Analysis, HAZOP, HACCP, etc.). Instead, this article is describing the four different quality system processes that need risk analysis.
What are the four different types?
The one most people are familiar with is risk analysis associated with the design of a medical device. Do you know what the other three are? The second type is process risk management where you document your risk estimation in a process risk analysis. The third type is part of the medical device software development process, specifically a software hazard analysis. Finally, the fourth type is a Use-Related Risk Analysis (URRA) which is part of your usability engineering and human factors testing. Each type of risk analysis requires different information and there are reasons why you should not combine these into one risk management document or template.
Design Risk Analysis
Design risk analysis is the first type of risk analysis we are reviewing in this article. The most common types of design risk analysis are the design failure modes and effects analysis (dFMEA) and the fault-tree analysis (FTA). The dFMEA is referred to as a bottom-up method because you being by identifying all of the possible failure modes for each component of the medical device and you work your way backward to the resulting effects of each failure mode. In contrast, the FTA is a top-down approach, because you begin with the resulting failure and work your way down to each of the potential causes of the failure. The dFMEA is typically preferred by engineers on a development team because they designed each of the components. However, during a complaint investigation, the FTA is preferred, because you will be informed of the alleged failure of the device by the complainant, but you need to investigate the complaint to determine the cause of the failure. Regardless of which risk analysis tool is used for estimating design risks, the risk management process requires that production and post-production risks be monitored. Therefore, the dFMEA or the FTA will need to be reviewed and updated as post-market data is gathered. If a change to the risk analysis is required, it may also be necessary to update the instructions for use to include new warnings or precautions to prevent use errors.
Process Risk Analysis
Process risk analysis is the second type of risk analysis. The purpose of process risk analysis is to minimize the risk of devices being manufactured incorrectly. The most common method of analyzing risks is to use a process failure modes and effects analysis (i.e. pFMEA). This method is referred to as a bottom-up method because you begin by identifying all of the possible failure modes for each manufacturing process step. Next, the effects of the process failure are identified. After you identify the effects of failure for each process step, the severity of harm is estimated. Then the probability of occurrence of harm is estimated, and the ability to detect the failure is estimated. Each of the three estimates (i.e. Severity, Occurrence, and Detectability) are multiplied to calculate a risk priority number (RPN). The resulting RPN is used to prioritize the development of risk controls for each process step.
As risk controls are implemented, the occurrence and detectability scores estimated again. This is usually where people end the pFMEA process, but to complete one cycle of the pFMEA the risk management team should document the verification of the effectiveness of the risk controls implemented. For example, if the step of the process is sterilization then documentation of effectiveness consists of a sterilization validation report. This is the last step of one cycle in the pFMEA, but the risk management process includes monitoring production and post-production risks. Therefore, as new process failures occur the pFMEA is reviewed to determine if any adjustments are needed in the estimates for severity, occurrence, or detectability. If any of the risks increase, then additional risk controls may be necessary. This process is continuously updated with production and post-production information to ensure that process risks remain acceptable.
Software Hazard Analysis
Sofware hazard analysis is becoming more important to medical devices as physical devices are integrated with hospital information systems and with the development of software as a medical device (SaMD). Software risk analysis is typically referred to as hazard analysis because it is unnecessary to estimate the probability of occurrence of harm. Instead, it is only necessary to identify hazards and estimate harm. Examples of these hazards include loss of communication, mix-up of data, loss of data, etc. For guidance on software hazard identification, IEC/TR 80002-1:2009 is a resource. FDA software validation guidance indicates that software failures are systemic in nature and the probability of occurrence cannot be determined using traditional statistical methods. Therefore, the FDA recommends that you assume that the failure will occur and estimate software risks based on the severity of the hazard resulting from the failure.
Use-Related Risk Analysis
The fourth and final type of risk analysis is use-related risk analysis (URRA). Most development teams assume that they are able to use traditional hazard identification techniques to identify the potential use-related risks. However, use-related risks are inextricably linked to the experiences of the user. The development team has unique knowledge of the device they are developing, and therefore it is likely that use-related risks associated with a lack of knowledge about the device will result in use errors that the development team would not realize. For this reason, formative testing is necessary to identify unforeseen use-related risks. Once formative testing identifies these risks, additional formative usability testing can be used to create and refine the instructions for the use of a medical device. Finally, formative testing can be used to develop user training programs that prevent potential use errors. Once the development team has completed the necessary formative testing, then summative usability testing is used to validate the effectiveness of the risk controls that were implemented.
In the past, I believed that the FDA’s focus on usability was the review of summative usability testing. However, I have learned that the FDA feels it is equally important to begin the human factors testing process by first performing a use-related risk analysis and then identifying the critical tasks. Without identifying these critical tasks, it is not possible for the FDA to determine if the moderator of the summative testing has observed all of the critical tasks being performed correctly. An example of a Use-Related Risk Analysis (URRA) was provided by the FDA in a 510(k) AI deficiency letter that we received. The example is provided below.
Example of a URRA Table provided by the FDA
Can you use only the IFU to prevent use-related risks?
Instructions for use (IFU) are required to include warnings and precautions. This information provided by the manufacturer explains how to use a medical device correctly and identifies the residual risks. This is a form of risk control, but it is the least effective form of risk control and should be the risk control of last resort. Not everyone reads the IFU, and you cannot guarantee that everyone will understand the instructions. You certainly can’t be sure that users will remember all your warnings or precautions when they are tired, stressed, or acting in an emergency situation. Design controls and protective measures should be implemented as the first and second priority for risk controls, and the IFU should be your lowest priority.
This is the reason why we have color-coding, design features that eliminate the possibility of a use error, we provide training to users, and we are required to monitor use-related risks for medical devices. Formative usability testing is intended to identify use errors we did not anticipate, to help us develop instructions for use (IFU), and help us develop training for users. Summative testing is intended to validate that the design, training, and IFU are effective at preventing use errors. All three of these aspects work together–not the IFU alone. In fact, there is an entire alarms standard that identifies protective measures that shall be used for electromedical devices to prevent use errors (i.e. – IEC 60601-1-8).
Facilitating Risk Management Activities – An Interview with Rick Stockton
I listened to our YouTube video about the four different types of risk analysis, you may have heard my reference to Rick Stockton’s interview that we posted on our YouTube channel and embedded above. In our interview with Rick Stockton, we discussed how to facilitate risk management activities during the design and development of medical devices. If you are interested in learning more about Rick and facilitating risk management activities, please watch the video of our interview with Rick.
This article analyzes feedback options offered for a pre-submission meeting request and gives you insight into which option is best for you.
In 2021 the FDA published an updated guidance document about pre-submission meeting requests (i.e., pre-sub meetings). The purpose of a pre-submission meeting is to ask and obtain answers to your questions directly from the FDA. The guidance document has great advice on what to ask the FDA and what you should not ask. The best time to be asking the FDA questions is before you begin your verification and validation testing. The FDA can give you valuable feedback on your testing plan to demonstrate safety and efficacy, but if you already started your testing it’s too late. Unfortunately, the guidance document has no advice on which method of feedback to select or why.
What is the last section of your pre-sub?
The last section of your pre-submission meeting request should indicate what method of feedback you prefer and what your preferred dates are for a potential meeting with the FDA. There are three options offered for methods of feedback:
a face-to-face meeting
a conference call
an email response
Feedback option 1 – A Face-to-Face Meeting
Some executives believe that face-to-face meetings are critical in establishing relationships with people. However, you need to understand the culture of the people your are trying to build a relationship with. The FDA is an overworked bureaucracy, and government agencies have security concerns. When the FDA meets with visitors they must go to a different building and arrange for their guests to pass through security. This is more work and takes more time. To justify the extra work and time, you need a compelling reason why a face-to-face meeting with the FDA is necessary.
Traveling to the FDA will cost your team money and time that conference calls and emails will not. More importantly, you are limited to one hour for a pre-submission meeting. One hour is barely enough time to ask questions and listen to the answers. You only have minutes to introduce your company, your team and the describe the product. There is no time for relationship building. The best way to impress the FDA is to: 1) prepare thoroughly, 2) conduct an efficient meeting, and 3) ask smart questions.
There is one time when you should visit the FDA face-to-face–if you have a powerful demonstration and video just isn’t good enough.
Feedback option 2 – Conference Call
Conference calls save you time and money, but conference calls also save the FDA time and effort. You won’t personally meet people from the agency, but you can communicate information prior to the meeting and you can provide videos of simulated use for your device. Conference calls do have the advantage of allowing you to mute the call for a moment and make a comment among your team members without the agency listening as well. Whenever you are discussing a performance testing plan or a clinical study protocol with the FDA, you will probably want a conference call to enable clarification questions.
Feedback option 3 – Email
Email responses from the FDA are highly underrated in value. When you specify an email response, you generally receive a response to your questions sooner. You also should receive more information, because each person from the agency is able to provide an hour of their time to write detailed feedback. In a conference call, you are speaking for part of the hour and only one person from the FDA can speak at a time. Therefore, you almost always have less feedback during conference calls and face-to-face meetings. The primary downside to email as a feedback method is that it is not interactive.
Update Related to Covid-19 Pandemic
The FDA is not allowing face-to-face meetings during the Covid-19 pandemic. Three of the pre-subs Medical Device Academy submitted during the pandemic were rejected by the FDA due to insufficient FDA resources. We are also noticing increased delays in the pre-sub timeline. Two pre-subs had a 5-month scheduling lead-time instead of 60-75 days. Due to these delays, we have advised many clients to skip the presub if testing requirements are well defined in guidance documents and predicate 510k summaries. Althought the email option should theoretically result in a faster response from the FDA, during the pandemic we have actually seen that the teleconference options has been faster. My theory is that the teleconferences are require coordinating the schedules of multiple people, and therefore there is more focus by lead reviewers in making sure the feedback is provided in time for the scheduled teleconference.
Which feedback option will you pick?
Regardless of which feedback method you choose, you can always follow-up with supplemental questions and obtain additional feedback from the FDA after you receive the initial response to your pre-submission meeting request. If you are planning a clinical study, you might seek interactive feedback in a conference call during the pre-submission meeting. Then you can follow-up with a clinical study protocol as a supplement to obtain additional feedback from the FDA.
Additional Resources
If you are interested in learning more about a pre-submission meeting request to the FDA, consider watching and listening to a webinar on the topic.
Before you complete FDA forms for your 510k submission, you need to made sure you have the most updated FDA forms.
How do you know if the FDA form you are using is current?
The FDA assigns numbers to each FDA form and the document control number is found in the bottom left footer of the document. In addition, the top right-hand header of the document will have an expiration date for the form (see the picture below). Often the changes to FDA forms are minor, but you should only submit the current version of the FDA form which has not expired.
What happens if you are using an expired FDA form?
In the past, if you included an obsolete document in your submission the FDA would often ignore this an proceed with the review of your submission anyway. Now FDA reviewers will identify the obsolete form and require you to resubmit the document on the current version of the form. If the reviewer is conducting an initial Refusal to Accept (RTA) screening, and one of the required items in the RTA screening are identified, then you will receive an RTA Hold letter and the RTA checklist will include a comment that you have used an obsolete version of an FDA Form.
If there are no deficiencies identified in the RTA checklist, the reviewer may still send you an email asking you to submit the document on the correct form. This could be a formal amendment (e.g. K123456/A001) or it could be as an informal email of the corrected document. This type of request could also be identified after the substantive review is complete in the form of a comment in an Additional Information (AI) Request or as part of an Interactive Review Request. An AI Request must be responded to with a formal supplement submitted to the Document Control Center (DCC) as a supplement to the original submission (e.g. K123456/S001) or as an informal ammendment submitted by email.
Examples of updated FDA forms for your 510k submission
Expired forms are frequently submitted to the FDA because submitters are using templates that have not been properly maintained or the submitter modified a form that was submitted in a previous 510k submission. The most common examples include: FDA Form 3514 (i.e. Submission Coversheet), FDA Form 3881 (i.e. Indications for Use), and the RTA Checklist.
Where can you find updated FDA forms?
Recently one of our clients noticed that the 510k template folder we share with people that have purchased our 510k courseincluded obsolete templates for Financial Disclosure. There are three financial disclosure forms that can be used for a 510k submission or De Novo Classification Request:
FDA Form 3454, Certification: Financial Interest and Arrangements of Clinical Investigator (PDF)
FDA Form 3455, Disclosure: Financial Interest and Arrangements of Clinical Investigators (PDF)
FDA Form 3674, Certification of Compliance, under 42 U.S.C. , 282(j)(5)(B), with Requirements of ClinicalTrials.gov (PDF)
We normally update these FDA forms as soon as the new form is released, but this financial disclosure forms are only used in about 10-15% of 510k submissions.
The current version of most FDA forms can usually be found by simply conducting an internet search for the form using your favorite browser. However, sometimes you may find a copy of the document that was editted by a consultant to facilitate completion of the document as an unsecured PDF or Word document. Although this is convenient, you should not use these “bastardized” forms. You should use the original secured form provided by the FDA. These native forms require Adobe Acrobat to complete the form and save the content. The most current version of the FDA form can be found using the FDA’s Form search tool.
Editing and Signing FDA Forms
Most of the FDA forms are secured and you can only enter information in specific locations. If there is a location for a signature, usually the signature cannot be added in Adobe to the secured form. In these situations, our team will save the document as a “Microsoft Print PDF” format. Once the document has been saved in this “non-native” format, you can manipulate almost anything in the document. Then we will add signatures using the “Fill and Sign” tool in Adobe Acrobat or we will use the “Edit” tool. Editing also gives us ability to make corrections when the document has incorrect information filled in the form somewhere.
Another option for adding dates and signatures is for you to save the document as a non-secure PDF. Then using an electronic signature software tool like Docusign, you can request that another person add their electronic signature or you can add your own electronic signature. Some companies prefer to do this to ensure the electronic signature meets 21 CFR Part 11 requirements, but the FDA accepts scanned images of a signature that was added to the document without certification in a 510k submission. This is even true for the Truthful and Accuracy Statement for a 510k. That document can be attached as a PDF in an FDA eSTAR template or you can electronically sign the eSTAR template if the person preparing the eSTAR is also the person signing the Truthful and Accuracy Statement.
Tips and Tricks for maintaining templates
Our company is a consulting firm, and we do not have a formal document control process that would be typical of our clients. However, we do have a shared Dropbox folder where we maintain the most current version of 510k templates. Any obsolete versions we move to an archive folder. However, there are ways to improve this informal system. You can include a date of the document in the file name. For example, “Vol 4 001_Indications for Use (FDA Form 3881) rvp 2-7-2022.” This indicates that this file is the FDA Form 3881 which is the indications for use form used in Volume 4 of the 510k submission. The document is the first document in that volume. The date the form was revised and saved is February 7, 2022 and the author’s initials are “rvp.”
If you are saving 510k templates you might consider adding an expiration date to the file name. For example, “Vol 4 001_Indications for Use (FDA Form 3881) exp 06-30-2023.” This file name indicates that the form’s expiration date is June 30, 2023. The inclusion of an expiration date in the file name is a visual reminder of when you will need to search for an updated FDA form.
A third way to manage your FDA Forms is to include them in your documents of external origin. ISO 13485:2016, Clause 4.2.4, requires that you maintain control of documents of external origin. Therefore, if your company has a formal quality system, a list or log of documents of external origin is the best way to manage FDA forms. Your log should indicate the date the updated FDA form was created, any parent guidance documents should be cross-referenced, and the expiration date of the FDA form should be identified. By using a log of this type, you can sort the list by expiration date or by the date of creation if there is no expiration date identified. Sorting the list will help your team prioritize which documents need to be reviewed next for new and revised versions.
Additional 510k submission resources
The FDA will be updating the 510k guidance for the new FDA eSTAR template by September 2022. Medical Device Academy will be systematically updating all of our templates and training webinars related to preparation of 510k submissions. We will also be preparing for the transition from FDA eCopy submissions to electronic submissions via a Webtrader Account.
You can keep up-to-date on template revisions in one of two ways:
Purchase our 510k course, and you will receive access to the updated templates as they are created. We will send email notifications each time a template is updated.
Register for our New Blog email subscription for automated email notifications of when a new blog is released about updated FDA forms, templates, and webinars.
Register for our New Webinar email subscription for automated email notifications of when a new or revised webinar is scheduled and for email notification of our newest live streaming YouTube videos.
You can conduct multiple individual process audits or you can conduct one full quality system audit, but which solution is better?
What are individual process audits?
There are 25 processes that require procedures for compliance with the US FDA quality system regulations and ISO 13485:2016 has 28 required procedures. Individual process audits focus on one of these procedures, the process it controls, the equipment and software used by that process, the work environment where the process is performed, the people responsible for the process, the records resulting from that process, and any metrics or quality objectives associated with that process. An individual process audit can be completed in remotely or on-site, and these audits will be much shorter in duration than a full quality system audit. Another way to think of an individual process audit is to realize that a full quality system audit is comprised of many individual process audits scheduled back-to-back. Auditing one process might be as short in duration as 30 minutes (e.g. control of records) but individual process audits can take as long as four hours (e.g. design controls and technical file audits).
What is a full quality system audit?
A full quality system audit is typically a single audit conducted annually to address all the requirements for conducting an internal audit of your quality system. In this type of audit, all of the procedures and processes should be covered. Therefore, full quality system audits are necessarily longer. If the person assigned to conduct the full quality system audit is an employee, that person cannot audit their own work. This can be addressed in two ways: 1) the audit can be a team audit, and the other team members can audit areas the lead auditor was responsible for; and 2) the process(es) that the lead auditor is responsible for can be audited as individual process audits by another auditor at another time.
If the person assigned to conduct the full quality system audit is a consultant from outside the company, there is still potential for conflicts regarding independence. If the consultant audited the company in the previous year, then the auditor cannot audit last year’s internal audit. In our consulting firm we address this issue in two ways: 1) we rotate who is assigned to audits so that the same auditor does not conduct a full quality system audit two years in a row, or 2) we assign another auditor in our company to conduct the audit of internal auditing as a team member.
How do you evaluate auditing effectiveness?
Some companies perceive that auditing is a necessary evil and they want to put as little effort and resources into the audit as possible. In this situation, auditing might be evaluated based upon whether it was completed on-time, by how much the audit cost the company, and the fewer nonconformities identified the better the perceived outcome. This perspective typically results in a single full quality system audit that is three days in duration or shorter if an auditor can manage to complete the audit in less time. Of course the shorter the audit is, the fewer records that an auditor has time to review. Therefore, shorter audits typically have fewer findings and management is pleased at the outcome because the audit required fewer resources and had little or no nonconformities.
The better approach is to look at auditing as a method for identifying areas that need improvement. Identifying areas where your quality system needs improvement is the intent of requiring internal audits. Therefore, the amount of time your company allocates to auditing should reflect the benefits for improvement that are identified. Top management of your company needs to identify which process areas they feel needs improvement. Only then can the audit program manager design an audit schedule that will focus on identifying opportunities for improvement and nonconformities in the process areas where management feels improvement is most needed. Ideally, this approach to auditing will focus on looking for inefficiency and metrics with negative trends. These findings result in preventive actions instead of corrective actions, because the process is not yet nonconforming. In general, the more opportunities for CAPAs that are identified the more valuable the audit was.
What advantages do one full quality system audit present?
Sometimes a single full quality system audit is easier to schedule, because it is only once per year. The rest of the year your company will not need to spend much time discussing audits or even thinking about them. If your company perceives audits as a necessary evil, then the less disruption caused by scheduling an audit the better.
Another advantage of conducting full quality system audits is that you can more easily afford to use external consultant auditors, because the travel costs for auditing are limited to one trip per year. If you had more than twenty individual process audits each year, and external consultant auditors conducted all of the audits, then you would have to pay for travel costs twenty times each year. Unless the consultant lives locally, these travel costs can be substantial.
What advantages exist for individual process audits?
Individual process audits are much easier for the auditor to complete within the time established in the audit agenda, because the auditor does not have another audit process immediately proceeding or immediately after the process they are auditing. There are also fewer people that need to attend an opening or closing meeting for an individual process audit, because only one process is being audited. Managers from other departments are seldom needed for participation in the opening or closing meeting. The combined benefits result in the auditor being more likely to start the opening meeting on-time and to start the closing meeting on-time.
The shorter duration of individual process audits is also an advantage. There are very few times in a year when none of your department managers will be traveling, sick, or on vacation. These rare weeks only happen a few times each year, and sometimes auditors must proceed with an audit even if someone is absent because they have no alternative. If you are preparing for an audit remotely, you face-to-face audit time is only 90 minutes, and your report writing time is also conducted remotely, then finding 90-minutes of available time in an department manager’s schedule is usually quite easy.
Can both approaches to internal audit scheduling coexist?
You can combine both approaches to audit scheduling in several possible ways. First you can schedule one full quality system audit each year in order to make sure that the minimum audit requirements are met, and then top management can review the results of the full quality system audit to decide which processes would benefit from individual process audits.
A second strategy would include conducting individual process audits for each process that resulted in a nonconformity during 3rd party certification audits or during the one full quality system audit. In this scenario, you might have a 3rd party audit in November, a full quality system audit in May, and top management might select 10 other individual processes to audit during the other 10 months of the year.
A third strategy would be to alternate between individual process audits and single full quality system audits each year. During “odd” years the audit program manager would only schedule one full quality system audit, and during “even” years the audit program manager would schedule multiple individual process audits.
A fourth strategy would be for top management to select a few processes that they would like the audit program manager to focus on with individual process audits, and all of the remaining processes would be incorporated into a single audit that covers the remaining 70% of the quality system.
Each of these four strategies for combining the two approaches to audit scheduling is viable and may result in multiple opportunities for improvement being identified. There is no regulation that favors one approach over another, but all four strategies require more time an effort on the part of the audit program manager and top management to discuss and plan the annual audit schedule.
Next steps if you would like to try individual process audits
If your company has always scheduled a single full quality system audit each year, you can test the concept of conducting an individual process audit by selecting just one process to audit. The best choice for this approach is to pick a process that has one or more CAPAs that are in progress or to select a process that top management feels is performing efficiently. The more frustration that top management experiences with a process, the greater the need is to identify opportunities for improvement. If the company has not already identified CAPAs to initiate for that process, you might just need an outsider to state the obvious: “I think we need a CAPA in this department.” The outsider might be a consultant, but it could also be a person from another department. If you would like a quote for an individual process audit, please visit our audit quote webpage.
About the Author
Rob Packard is a regulatory consultant with 25+ years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Robert was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certification. From 2009-2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Robert’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone 802.258.1881 or email. You can also follow him on Google+, LinkedInor Twitter.
I hated the the FDA eSubmitter template which was discontinued May 30, 2021. Finally we have eSTAR draft guidance for the new eSTAR template.
History of 510k electronic submissions
The FDA has experimented with a multitude of pilot 510k submission programs over the years to streamline and improve the 510k submission content, formatting, and to facilitate a faster review process. The Turbo 510k program was one of the first successful pilot programs. In 2012 I wrote one of my first blogs about how to improve the 510k process. In September 2018, the FDA launched the “Quality in 510k Review Program Pilot” for certain devices using the eSubmitter electronic submission template. The goal of the this pilot program was to enable electronic submissions instead of requiring manufacturers to deliver USB flash drives to the FDA Document Control Center (DCC). I hated the eSubmitter template, and the FDA finally discontinued availability of the eSubmitter template on May 30, 2021. During the past 15 years, the FDA gradually streamlined the eCopy process too. Originally we had to submit one complete hardcopy, averaging 1,200 pages per submission, and one CD containing an electronic “eCopy.” Today, the current process involves a single USB flash drive and a 2-page printed cover letter, but today’s eCopy must still be shipped by mail or courier to the DCC.
eSTAR Pilot Program is Launched
During the 15-year evolution of the FDA eCopy, CDRH was trying to develop a reliable process for electronic submissions of a 510k. CBER, the biologics division of the FDA, has already eliminated the submission of eCopy submissions and now 100% of biologics submissions must be submitted through an electronic submissions gateway (ESG). In February 2020, CDRH launched a new and improved 510k template through the electronic Submission Template And Resource (eSTAR) Pilot Program. The eSTAR templates include benefits of the deceased eSubmitter template, but CDRH has incorporated additional benefits:
the templates use Adobe Acrobat Pro instead of a proprietary application requiring training;
support for images and messages with hyperlinks;
support for creation of Supplements and Amendments;
availability for use on mobile devices as a dynamic PDF;
ability to add comments to the PDF; and
the content and logic mirrors checklists used by CDRH reviewers.
Medical Device Academy’s experience with the eSTAR Templates
Every time the FDA has released a new template for electronic submissions we have obtained a copy and tried populating the template with content from one of our 510k submissions. Unfortunately, all of the templates have been slower to populate that the Word document templates that our company uses every day. On May 16 we conducted an internal training for our team on the eSTAR submission templates, and we published that training as a YouTube Video (see embedded video below). Then nine days later the FDA released updates to the eSTAR templates (version 0.7). The new eSTAR templates are available for non-IVD and IVD products (ver 0.7 updated May 27, 2021).
Sharon Morrow submitted our first eSTAR template to the FDA in August and we experienced no delays with the 510k submission during the initial uploading to the CDHR database, there was no RTA screening process, and CDRH did not identify any issues during their technical screening process. Shoron’s first eSTAR submission is now in interactive review, which is a better outcome than 95%+ of our 510k submissions. I have several other eSTAR submissions that are almost ready to submit as well. The other 510k consultants on our team are also working on their first eSTAR submissions.
Finally the CDRH releases an FDA eSTAR draft guidance
On September 29, 2021 the FDA released the new eSTAR draft Guidance for 510k submissions. This is a huge milestone because there have not been any draft guidance documents created for pilot programs. The draft indicates that the comment period will last 60 days (i.e. until November 28, 2021). However, the draft also states that the guidance will not be finalized until a date for requiring electronic submissions (i.e. submission via an ESG) is identified. The draft indicates that this will be no later than September 30, 2022. Once the guidance is finalized, there will be a transition period of at least one year where companies may submit via an ESG or by physical delivery to the FDA DCC.
Are there any new format or content requirements in the FDA eSTAR draft guidance?
There are no new format or content requirements in the eSTAR draft guidance, but the eSTAR template itself has several text boxes that must be filled in with summary information that is not specified in the guidance for format and content of a 510k. The information requested for the text boxes is a brief summary of non-confidential information contained in the attachments of the submission. Therefore, these boxes can information that would normally be in the overview summary documentst that are typically included at the beginning of each section of a 510k. If your overview documents do not already have this information, then you may have some additional work to do in order to complete the eSTAR templates. An example of one of these text boxes is provided below:
Another example of additional content required by the eSTAR templates is references to page numbers. Normally the FDA reviewer has to search the submission for information that is required in their regulatory review checklist. In the new templates the submitter is now asked to enter the page numbers of each attachment where specific information can be found. The following is an example of this type of request for a symbols glossary:
Are there any changes to the review timelines for a 510k in the eSTAR draft guidance?
The eSTAR draft guidance indicates that a technical screening will be completed in 15 calendar days instead of conducting a RTA screening. I believe that the technical screening is less challenging than the RTA screening, but the FDA has not released a draft of the technical screening criteria or a draft checklist. I would imagine that the intent was to streamline the process and reduce the workload of reviewers performing a technical screening, but we only have guesses regarding the substance of the technical review and so far our performance is 100% passing (i.e. 1 of 1). The next step in the 510k review process is a substantive review. Timelines for the substantive review are not even mentioned in the new draft guidance, but the FDA usually has the review clock details in Table 1 (MDUFA III performance goals) and Table 2 (MDUFA IV performance goals) of the FDA guidance specific to “Effect on FDA Review Clock and Goals.” In both tables, the goal is 60 calendar days, and our first eSTAR submission completed the substantive review in 60 days successfully. The 180-day deadline for responding to an additional information (AI) request has not changed in the eSTAR draft guidance, but our first submission is now interactive review. I believe this suggests that companies may have a higher likelihood of having an interactive review with their CDRH lead reviewer instead of being placed upon AI Hold, but we won’t have enough submissions reviewed by the FDA to be sure until the end of Q1 2022.
Register for our new webinar on the FDA eSTAR draft guidance
We hosted a live webinar on Thursday, October 21, 2021 @ Noon EDT. The webinar was approximatley 37 minutes in duration. In this webinar we shared the lessons learned from our initial work with the eSTAR template. Anyone that registers for our webinar will also receive a copy of our table of contents template that we updated for use with the eSTAR templates. Unlike a 510k eCopy, an eSTAR template does not require a table of contents but we still use a table of contents to communicate the status of the 510(k) project with our clients. Finally, we reviewed the eSTAR draft guidance in detail. If you would like to receive our new eSTAR table of content template and an invitation to our live webinar, please complete the registration form below.
About the Author
Robert Packard is a regulatory consultant with 25+ years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Robert was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certification. From 2009-2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Robert’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone 802.258.1881 or email. You can also follow him on Google+, LinkedIn or Twitter.
We desperately need to find a way to get more customer feedback and suggestions for product improvement, but what is the best way to do that?
Surveys rarely have a high response rate, but we need to gather customer feedback. Therefore, we created this blog posting as a living document of how we are trying to gather customer feedback. Specifically, we are looking for more customer feedback and better engagement with us. We don’t just want YouTube subscribers to like our videos, we want you to share our videos with other people in your company so they can learn about quality and regulatory too. We don’t just want you to register for a free webinar and watch the recording when you get a chance. We want to you to add a question when you register and please interrupt us during our live webinars to clarify anything you don’t understand. Finally, we want you to give us suggestions for improving our procedures, writing new blogs, and recording new training webinars and videos. Tell us what you want.
Using the headline analyzer to attract more customer feedback
We have a page on our website for a “suggestion box” where we are asking people to provide suggestions for new and improved procedures, blogs, webinars, and videos. But the last time someone filled in the form on that page is October 16, 2019. We desperately need to find a way to get more engagement from you in the form of suggestions. The first approach to gathering feedback is to send out email notification to our current 1,057 blog subscribers by posting this blog. To improve our chances for you to open an email about this blog, we optimized the headline using the CoSchedule Headline Analyzer. The first version of the headline scored a 75, while 70 is the minimum threshold for a worthy title. Our second attempt included the emotional word “exciting” and the new result scored an 83 (see below). Normally it requires 20+ tries before we achieve a headline score higher than 80, but today was a good day. We decided to stop at 83 and focus on other elements of this posting.
How can you encourage more customer feedback? (75)
How can you encourage more customer feedback and exciting engagement? (83)
A picture says 1,000 words
A great thumbnail or featured picture often helps improve click through rates for video, but pictures also communicate more information than words alone. Pictures can communicate the temperature, directions, speed you are moving, and even emotions. Ideally, a combination of a picture with a short caption does the most. The layout of your picture matters too. For example, the featured image above originally had just 6 images grouped together. To communicate that we were trying to decide which icon best communicated the concept of a suggestion box, we separated each icon image with a blue border. To help people identify the different images, we used letters under each icon image. We could have used numbers, but then people might have replied with phrases like “#2 was my 1st choice,” instead of “B was my 1st choice.” To make it clear that the far right icon image was our current icon, we used the word “current” instead of a letter. Finally, we used a bright yello text box at the top of the featured image to communicate instructions for polling of the various icon images.
In the end, we didn’t feel that the suggestion box icons were very attractive. In fact, icons in general are boring. Therefore, we hired an artist to create some concept sketches for other ideas that would communicate “please take the opportunity to give us your suggestion.” The three concepts we liked most were a wishing well, a coffee filter, and an open door with a suggestion doormat that opens into space. We selected the door as our favorite and added some details to create the final image you see now on our webpage. Specifically, we wanted the doormat to appear more three-dimensional, we wanted to incorporate Medical Device Academy’s logo, and we wanted a better focal point in the space beyond the door. Therefore, the artist created three different versions of a moon (crescent, partial, and full). The partial moon was our final choice.
A video is 1,000+ pictures
Full-frame video typically ranges from 24-60 frames per second (FPS). Therefore, there are at least 1,000 pictures in 42 seconds of video. Therefore, the five-and-half-minute video below is giving you much more information than you read above in a lot less time. The video walks you through the evolution of our suggestion box (all 24 versions). This is why we recommend recording a training video to every single medical device company we work with. This is also why our website has steadily been increasing the number of videos we procedure and publish on our YouTube channel.
A call to action increases customer feedback and engagement
Gathering customer feedback requires just as much marketing as selling a medical device. Typically, near the end of your presentation you will include a call to action. The call to action is intended to persuade customers to take immediate action. The call to action will create a sense of urgency. Sometimes a series of small calls to action will precede a final larger call to action. In our case, we are just trying to get suggestions from you regarding what quality and regulatory training materials we should develop next. We are asking you for advice on what our customers want to learn. In return we will develop the training materials you want. The better your questions are, the better our training materials will become. This strategy of offering valuable information to customers develops trust, and this has been our company’s primary marketing strategy since the beginning.
Click on the button above.
Try using a call-to-action button
If you want more engagement, you need to increase your click-through rate (CTR) first. Campaign Monitor conducted a test to which call-to-action performs best. They found a call-to-action button helped increase the CTR by 28%. We took this concept one step further, we used the headline analyzer tool to optimize the wording of the call-to-action button. The wording we used in the call-to-action button above scored an 86, while “click here” scored a dismal 28 and “click the button” only scored 31. We are also trying a contrarion approach to the design of the button. Instead of using bright colors that modern advertisers have trained us to ignore, we used a light grey background with Palatino Linotype font to optimize readability. We also used a small caption to make sure your subconscious knows what to do.
How much a 510k costs is the most common question I receive from customers, and there are three parts to the cost of a 510k.
There are three parts to the 510k cost of submission:
Testing
Submission Preparation
FDA User Fees
The highest cost is testing
The testing cost is the most significant cost, but I think the average is around $100K for our clients. For devices that only consist of a software (i.e., software as a medical device or SaMD), the testing costs are less, but the cost of documenting your software validation and cybersecurity will be more extensive than the cost of preparing your 510k and the FDA user fee. The more you can do in-house, the lower the testing costs will be. Biocompatibility testing for a non-invasive device might be only $13,000, but a long-term implant can cost as much as $100,000 for implantation studies. Sterilization validation testing depends upon the method of sterilization and whether you are doing a single-lot method or a full validation. Typical costs for EO sterilization validation are around $15,000, and then you should add several thousand more for the shelf-life testing.
For devices that are powered and/or have software, you will need to perform software validation in accordance with IEC 62304 ed 1.1 (2015). There are also five FDA guidance documents that apply:
You can do all of the software validation in-house, but some firms outsource the software validation. In the long term, you need to learn this, and it pays to hire an expert in IEC 62304 to help your team learn how to document software validation if you have not done this before. Typically, software validation documentation will be between 300 and 1,000 pages long.
Electrical safety and EMC testing are often the most expensive part of the testing process for our customers. EMC testing should always be done first to ensure you can pass the immunity and emissions testing. If you must modify the device to pass the EMC testing, you must repeat any electrical safety testing. The total cost of this testing is typically $50-60K.
Performance testing is the last part of the testing process. Performance testing should be performed on sterile and aged products if your product requires sterility and claims a shelf-life. Most of the testing is benchtop testing only to demonstrate performance. This includes simulated use testing (e.g., summative usability testing), cadaver testing, and computer modeling. Benchtop performance testing typically takes tens of thousands of dollars to complete, but you might be able to do the testing in-house. If animal testing is required, this typically costs around $100K. Finally, if a human clinical study is required (i.e., ~10% of 510k submissions), you should expect to spend between $250K and $2.5 million. Some simple clinical studies (e.g., IR thermometers) cost less than $100K, but these resemble benchtop performance testing in many ways.
The second highest cost is the cost of submission preparation
Medical Device Academy has two different options for preparation consulting fees. Your first option is hourly consulting fees. The second option is a flat fee. As of July 2023, we are charging $3,500 for pre-submission preparation and $17,500 for 510k submission preparation.
The first option is to avoid the FDA altogether and submit to a third-party reviewer. We only recommend one third-party reviewer (i.e., Regulatory Technology Services), because the other companies do not have sufficient experience to have predictable review times and positive outcomes. The typical RTS third-party review cost is 6% more than the FDA Standard fee.
The second option is to submit directly to the FDA. The standard user fee for FDA review of a 510k is $21,760 for FY 2024.
The third option is to apply for small business status. For companies that have annual revenues of less than $100 million USD, the FDA will grant you small business status. For companies with small business qualifications, the FDA user fee is reduced to $5,440.
Reduce 510k cost by applying for small business status
Any medical device company with revenues of less than $100 million annually can apply, but you must apply each year. There is no application fee, but you must complete FDA Form 3602 if you are a US firm. The form must be completed for each subsidiary too. FDA Form 3602A must be completed for foreign firms, and the national tax authority must verify the accuracy of your income statement on the form to submit it to the FDA. If your national tax authority refuses to sign the form, you can justify it, but I don’t know anyone who has done this yet. The qualification review by the FDA requires 60 days. Therefore, you should apply every year in August for the next fiscal year (October 1, 2023 – September 30, 2024, is FY 2024). The form will request that you include your Organization ID #. A Dun & Bradstreet Number (DUNS #) is also required if your firm is located outside the USA. Finally, you need to attach a copy of your tax return. Therefore, you must file your tax return–even if your firm had a loss or had no revenues. You can also use R&D tax credits in the USA or Canada if you are a start-up device company developing a new device.
About the Author
Rob Packard is a regulatory consultant with 25+ years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Robert was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Robert’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone at 802.258.1881 or by email. You can also follow him on Google+, LinkedIn,YouTube, or Twitter.
Maybe you need an FDA inspection plan. Does everyone in your company know what they need to do when FDA inspectors arrive at your facility?
Be proactive and don’t just let FDA inspections happen. You need to have an FDA inspection plan, and that plan needs to cover the roles and responsbilities for everyone. Below we have a list of 15 items that are in our FDA inspection work instruction (WI-009). If you already have a plan, try using the following checklist to assess your readiness for the next next inspection:
What will you ask and do when your FDA inspector calls the Friday before the inspection?
Who should be contacted by the FDA inspector if you are on vacation?
How will you communicate to the rest of your company that an FDA inspection is planned for Monday morning?
Who will greet the FDA inspector upon arrival, and what should they do?
Which conference room will the FDA inspector spend most of their time in?
Who will be in the conference room with you and the FDA inspector?
How will you track document and records requests, and how will you communicate that information to others?
How will you retrieve documents and records requested by the FDA inspector?
Who will conduct a tour of the facility with the FDA inspector and how will the tour be managed?
When quality issues are identified, how will you respond?
What will you do for lunches during the inspection?
Who will attend the closing meeting with the FDA inspector?
Should you “promise to correct” 483 inspection observations identified by the FDA?
How and when will you repsond to the inspector with corrective action plans?
If your company is outside of the USA, what should you do differently to prepare?
What will you ask and do when your FDA inspector calls the Friday before the inspection?
Most people begin their FDA inspection plan with the arrival of the inspector. However, you should consider including earlier events in your plan. Such as closure of previous 483 inspection observations, scheduling of mock-FDA inspections in your annual audit schedule, and details of how to interact with the inspector when they contact you just before an inspection. Most inspections will be conducted by a single inspector, but occasionally inspectors will be training another inspector. In this situation you can count on them following the QSIT manual more carefully, and you are more likely to receive an FDA 483 inspection observation. In the worst-case scenario, the lead inspector will split up from the trainee, and they will “tag-team” your company. This is not proper FDA procedure, but you should be prepared for that possibility. Therefore, make sure you ask the inspector if they are going to be alone or with another inspector when you speak with them on the phone. You should also get their name and phone number. You may even want to consider reviewing FDAZilla Store for details about your FDA inspector’s past inspection 483s and warning letters. Immediately after the call with the inspector, you should reserve a conference room(s) for the inspection and cancel your other meetings for the week. You should also verify that the person that contacted you is really from the FDA. You can do this by looking up their contact information on the Health and Human Services Directory. Your inspector should have a phone number and email you can verify on that directory.
Who should be contacted by the FDA inspector if you are on vacation?
You should always have a back-up designated for speaking with FDA inspectors, handling MDR reporting, and initiating recalls when you are on vacation. These are critical tasks that require timely actions. You can’t expect inspectors, MDRs, or recalls to wait you to get back in the office. It doesn’t matter what the reason is. Weddings, funerals, and ski trips should not be rescheduled. You need a back-up, and often that person is the CEO or President of your company. Make sure you have a strong systems in place (i.e. an FDA inspection plan, an MDR procedure, and a recall procedure). Whomever is your back-up needs to be trained and ready for action. This is also the purpose of conducting a mock-FDA inspection, including examples of MDRs in your medical device reporting procedure, and conducting mock recalls. This ensures you and your back-up are trained effectively.
How will you communicate to the rest of your company that an FDA inspection is planned for Monday morning?
Most companies have an emergeny call list as part of their business continuity planning, and after the past 18 months of living with a Covid-19 pandemic your firm should certainly have a business continuity plan. Your FDA inspection plan should leverage that process. Contact the same people and notify them of when the FDA inspector is coming. If you are unable to find a conference room available for the inspection (i.e. see below), then ask the manager(s) that reserved the designated room for FDA inspections to relocate to another conference room for the week. Make sure you tell them who the inspector will be, and you might even be able to provide a photo of the inspector (try seraching LinkedIn). Make sure that you remind everyone to smile, and to listen carefully to the question asked. Everyone should be trained to answer only the questions asked, and nobody should run and hide. There should also be no need to stop your operations just because an inspector is visiting. You might even include the name of the inspector on a “Welcome Board” if your company has one at the entryway or in public areas. The more an FDA inspection appears as “routine” the better your outcome will be.
Who will greet the FDA inspector upon arrival, and what should they do?
By the time an FDA inspector(s) actually arrives at your company, all of the managers in your company should already been notified of the inspection and a conference room should be reserved for the inspection. Therefore, when the person that is greeting people in the lobby comes to work on Monday morning, you (or their supervisor) need to communicate with them and make sure that they are prepared for arrival. There are four things that should be communicated:
the name of the inspector(s) that are arriving
the list of managers that should be notified when the inspector(s) arrives (possibly identical to the buisness continuity call list)
the conference room that is reserved for the inspection
If the person greeting the inspector(s) is also going to escort them to the conference room and help them get set-up, then they will need additional instructions. If that escorting inspectors to the conference room and helping them get set-up is delegated to a different person, then the following considerations should be included in that person’s instructions:
the location of bathrooms and emergency exit instructions in case of a fire
the information for wireless connectivity
recommendations for seating in the conference room based upon the expected participants (see below)
It is important that an escort for the inspectors is able to bring the inspector(s) to the conference room as quickly as possible. They should not be expected to wait more than a few minutes for an escort.
Does your FDA inspection plan identify a specific room for the inspector? Is there a back-up?
Some companies have a specific room that is designated for inspections and 3rd party certification audits. If your comapny can do that, it will be very helpful because it reduces the decision making that is required immediatley prior to the inspection. Having a specific room for the inspection also eliminates the need to tell everyone else in the company where the inspector will be. Instead the location of the inspection can be in the work instruction or written FDA inspection plan. You shouldn’t need a back-up plan if there is a specific room designated for an FDA inspection, but our firm has a client that will be hosting three notified body auditors simultaneouly for three days. In that situation, you might need more than one room.
Does your FDA inspection plan have assigned seating?
You might think that it really doesn’t matter where people sit in a conference room, but you will probably want consider the layout of charging cords and the flow of interviewees requested by the inspector. In your conference room, you will need room for at least the following people:
the inspector(s)
the management representative (i.e. you)
a scribe
an interviewee
If there is an inspector and a trainee, you will probably want to seat them together to facilitate them working together. You as the Management Representative also need to be in the room, and it may help for you to sit next to the scribe to facilitate communication between you and to make it easier for them to hand you documents after the scribe logs the documents into their notes. The scribe should probably sit closest to the door, because they will be receiving documents, logs, and records that are brought to the room. You will also need one more seat next to you, and probaby accross from the inspector(s), for interviewees. This person will rotate as different processes are reviewed. I also recommend having a location in the middle of the table for an “in box” where documents, logs, and records for the inspector are placed after being logged in. A second location in the middle of the table can be used for a “discard pile” as you finish using your copy of each document, log, and record. You may refer back to these copies later. The “discard pile” should be 100% copies rather than originals. Originals should never be brought into the room with the inspector.
Who is the scribe in your FDA inspection plan?
The perfect scribe would know the quality system well and they would have the typing skills of a professional stenographer. You might have someone that is an executive assistant in your company or a paralegal that could do this job, but you might also have a document control specialist that fits this requirement. Some companies will even hire a temp for the duration of the inspection that has this type of skill, but a temp is unlikely to know the jargon and quality system requirements well. I have taken on the role of scribe many times for my clients, because I type fast and know their quality system. I also don’t want to interferre with the inspection process. As scribe I can answer questions and offer suggestions when appropriate, but most of my time is spent taking notes and communicating by instant messenger with company members that are outside of the inspection room.
You should seriously consider using an application such as Slack as a tool for communication during the inspection. Then anyone in your company that needs to know the status of the inspection can be provided access to the Slack channel for the inspection. This can also act as your record of requests from the inspector. It’s even possible for people on the Slack channel to share pictures of documents to confirm that they have identified the document being requested. You could even invite someone to speak remotely with the inspector via Slack with Zoom integration. All the scribe needs to do is share the Zoom app with a larger display in the same conference room so the inspector can see it too.
Does your FDA inspection plan include provisions for document and record retrieval?
The most important part of document and record retrieval during an FDA inspection is to remember that inspectors should never receive the original document. Ideally, a copier would be located immediately outside of the conference room and three copies would be made of every document before it enters the inspection room. The originals can be stored next to the copier until someone has time to return them to the proper storage location. The three copies should all be stamped “uncontrolled documents” to differentiate them from the originals. When the three copies are brought into the room, they should be handed to the scribe. The scribe should log the time the copies were delivered in the Slack channel. Then the copies should be handed to you, the Management Representative. You should skim the document to make sure that the correct document was received. Then one copy would be given to the inspector and another copy would be made available to the interviewee. If only two copies are needed, the extra copy can be placed in the “discard pile.” Even if your system is 100% electronic, I recommend printing copies for the inspection. The paper copies are easier for inspectors to review, and it eliminates the ability for the inspector to hunt around your electronic document system. In this situation, the scribe may do all of the printing.
Does your FDA inspection plan indicate who will conduct a tour of the facility with the FDA inspector and how will the tour be managed?
I’m surprised by the number of companies that don’t seem to have a map of their facility. Medical device manufacturing facilities should have two kinds of facility maps. One should identify where pest control monitoring stations are located, and the second should indicate your evacuation route to exit the building. All guests should be shown the evacuation route map, probably within the first 30 minutes of arrival. The second map will be requested by the inspector eventually if you conduct manufacturing at your facility. Therefore, it would be helpful to use one or both of these facility maps as a starting point for creating a map of the route that inspectors should be taken on during a tour. I prefer to start with where raw materials enter the facility, and then I follow the process flow of material until we reach finished goods storage and shipping. If you can do this without back-tracking multiple times, then that will probalby be the preferred route. The purpose of planning the route out in advance is to help estimate how long the tour will take, and to make sure there is consistency. If someone starts the tour, and then another person takes over the tour, the new person should be aware of what the next location is and what areas have not been observed yet. There may also be safety reasons for avoiding certain areas during a tour and asking the inspector to observe those areas from a distance. Welding processes, for example, often fall into this safety category.
When quality issues (i.e. FDA 483 inspection observations) are identified, is this covered by your FDA inspection plan?
Third party certificaton body auditors will typically make you aware of nonconformities as they are identified, but FDA inspectors often will hold off on identifying 483 inspection observations until the end of the inspection in a closing meeting. However, you can typically identify several areas that may result in a 483 inspection observation during the inspection. You and the manager of that area may want to consider initiating a draft CAPA plan for each of these quality issues before the closing meeting. This would give you an opportunity to demonstrate making immediate corrections and you might be able to get feedback from the inspector on your root cause analysis and corrective action plan before the closing meeting. Sometimes this will result in an inspector identifying low-risk quality issues verbally instead of writing them out on FDA Form 483. I find the best way to make sure CAPA plans are initiated early is to have a debrief each day after the inspector leaves. All of the managers involved in the inspection should participate, and the debrief can be done virtually or in person. Virtually may be necessary, because often managers need to leave work before the inspector ends for the day. You should consider including this in your FDA inspection plan as well.
Does your FDA inspection plan include plans for daily lunches?
If your facility is located outside the USA, skip this paragraph and go to the section below about companies located outside the USA. If your company is locagted inside the USA, you can be certain that the FDA inspector will not eat lunch at your facility. They will leave for lunch on their own, and then they will return after lunch. Therefore, you may not have control of the timing of a lunch break but you will have time to take one. Most managers use the lunch break as a time to catch-up on emails. However, I think it makes more sense to change your email settings to “out of office.” You can indicate that you are hosting an audit and you will answer questions as a batch that evening or then next morning. You might use the lunch break to take a walk and relax, you might have short debrief meeting with other managers, and you might spend some time preparing documents, logs, and records that the inspector may have requested before they left. Most inspectors use this strategy of asking for a list of documents and records in advance. This is also a good strategy to learn as an internal auditor or supplier auditor. If you have a back-room team that is supporting you, don’t make them wait for a break. Have someone in your company take their lunch orders or arrange for a catered buffet lunch. This will keep your support team happy, and you should definitely remember to include lunch for the team and changing your email settings to “out of office” in your FDA inspection plan.
Does your FDA inspection plan state who will attend the closing meeting?
Most companies have every manager that was in the opening meeting attend the closing meeting. This is ok, but it is important for anyone that might need to initiate a CAPA to be present in the meeting so that they can ask the inspector for clarification if needed. Scheduling a closing meeting should be part of your FDA inpsection plan. However, the past 18 months of the Covid-19 pandemic has taught us that we can attend this type of meeting remotely via Zoom. Therefore, we recommend letting the managers go home early if they are no longer needed as auditees. Instead, ask them to call in for a Zoom meeting at the time the FDA inspector estimates for review of the 483 inspection observations with the company.
Should you “promise to correct” 483 inspection observations identified by the FDA?
During the closing meeting the FDA inspector will review 483 inspection observations with you and any of the other managers present at the closing meeting. The inspector will ask if you promise to correct the 483 inspection observations that were identified. You should confirm that you will, and the FDA inspector will add this to the Annotations in the Observations section of FDA Form 483 that you will recive at the closing meeting. By stating this, you are agreeing to create a corrective action plan for each of the 483 inspection observations. You could change you mind later, but the better approach is to perform a thorough investigation of the 483 inspection observation first. If you determine that corrective action is not required, you can explain this in your CAPA plan and provide data to support it. The only likely reason for not correcting an observation is that you determined the incorrect information was provided to the inspector. In that case, you may need to do some retraining or organize your records better as a corrective action to prevent recurrence in a future inspection. You might even make modifications to your work instruction for “Conducting an FDA Inspection” (i.e. FDA inspection plan).
How and when will you repsond to the inspector with corrective action plans?
Your FDA inspection plan should include details on how respond to FDA 483 inspection observations and when the response must be submitted by. The FDA inspector will give you instructions for submission of your corrective action plans by email to the applicable email address for your region of the country. This email address and contact information should be added to your work instruction as an update after the first inspection if you are not sure in advance. You should respond with a copy of your CAPAs with 15 business days. Regardless of what the inspector told you, there is always a possibility that the outcome of your inspection could be “Official Action Indicated.” This is because the inspector’s supervisor makes the final decision on whether a Warning Letter will be issued and regarding the approval of the final inspection report. You should also confirm what the 15-day deadline is, because your state’s holidays may be different from the US Federal holidays.
If your company is outside of the USA, what should you do differently to prepare?
The US FDA only has jurisdiction over companies that are located in the USA. Therefore, if your company is registered with the FDA, you can only be inspected if you agree to host the FDA inspector when they contact you. FDA inspectors will contact foreign firms 6-8 weeks in advance, and they will typically give you a couple of weeks to choose from. After you confirm the dates for the inspection, then they will make their travel plans. Therefore, you will know exactly when the FDA inspection is schedulea and you will have more than month to prepare. Therefore, you should do four things differently:
You should send the FDA inspector directions from the airport to your facility and provide recommendations for potential hotels to stay at. Ideally the hotels you recommend will provide transportation from the airport and managers that are speak passable English). The hotels should be appropriate for business travel–not royalty. If it is convenient, you may even offer to pick-up the inspector at the hotel each day to ensure they have no problems with local transportation.
You should offer to provide lunches for the inspector during the inspection. This should not be considered entertainment. The purpose is make sure the inspector has lunch (i.e. a light meal or snacks) and drinks (i.e. water and coffee) during the inspection so that they do not have to negotiate local traffic, struggle with ordering food in a language they don’t know, and to eliminate delays associate with having lunch off-site. Make sure you remember to ask about food allergies and dietary restrictions. You might even follow-up with a draft menu to obtain confirmation that your proposed menu is appropriate.
You should schedule a mock-FDA inspection immediately to verify that everyone is prepared and to identify any CAPAs that need to initiated before the FDA inspector finds the problems.
During the first day of the inspection, you may consider asking the inspector if they would like to go out for dinner one of the evenings with a couple of people from your company or if they would like any recommendations for restaurants to eat at. If you are not familiar with US customs and international travel, ask the hotel concierge for advice. When you are out to dinner, the conversation should remain professional and if you normally drink alcohol at dinner you may want to consider the “BOB” compaign in the Netherlands as a role model.
How are you going to train everyone in your company?
You need an easy way to train everyone in your company. Why not give them a video to watch? Next Monday, July 26, 2021 @ Noon EDT, we are hosting a webinar on how to prepare for an FDA inspection. It is a live webinar where you will be able to ask questions, and we are bundling the webinar with our new work instruction for “Conducting an FDA Inspection” (WI-009). If you register for the webinar, you will receive access to the live webinar, you will receive the native slide deck, and you will receive a copy of the work instruction. You can use the work instruction as an FDA inspection plan template for your company. The webinar will be recorded for anyone that is unable to attend the live session. You will be sent a link to download the recording to watch it as many times as you wish, and we recommend that you use the webinar as training for the rest of your company.
If you have a surprise FDA inspector visit, you should never be scared because there is no difference between the best and worst-case outcome.
Why are you scared of an FDA inspector?
There are a number of reasons why you might be scared of an FDA inspector, but if you keep reading you will learn why 95% of your fear is self-induced. A small percentage of device manufacturers evaluate the performance of quality managers based on the outcome of FDA inspections, but you have no control over whom the FDA Office of Regulatory Affairs (ORA) assigns to perform your inspection. If your company belongs to this 5% minority, you need to change top management’s approach to regulators or you need to find a new employer. For the majority of us, we are scared of embarrassment, failure, or being “shut down.”
There are rare examples of where the FDA has taken action to stop the distribution of medical devices, but this is only done as a last resort. Usually, companies cooperate with the FDA with the hope of being able to resolve quality issues and resume distribution after corrective actions are implemented. Not only is this type of action rare, but there will be a prior visit to your facility and prior written communication from ORA before you receive a warning letter–let alone removal of your company’s device(s) from the market. You can’t pass or fail an FDA inspection. The FDA inspector is verifying compliance with the FDA Quality System Regulation (i.e. 21 CFR 820) as well as the requirements for medical device reporting (i.e. 21 CFR 803), reports of corrections and removals (i.e. 21 CFR 806), investigational device exemptions (i.e. 21 CFR 812), and unique device identification (UDI). FDA inspectors only have time to sample your records, and with any sampling plan, there is always uncertainty. When you do receive an FDA 483 inspection observation you should not consider it to be a condemnation of your company. Likewise, an absence of 483 observations is not a reason to celebrate.
Why you should not be embarrassed when you receive a 483 from an FDA inspector
The most irrational response to an FDA 483 inspection observation is embarrassment. Our firm specializes in helping start-up medical device companies get their first product to market. This includes providing training and helping them to implement a quality system. When our clients have their first FDA inspection, it is not uncommon to receive an FDA Form 483 inspection observation. Start-ups have limited resources and limited experience, and most of the employees have never participated in an FDA inspection before. Experience matters and immature quality systems have only a limited number of records to sample. Any mistakes are easy for an inspector to find.
Instead of feeling embarrassed, acknowledge and embrace your inexperience. For example, during the opening meeting with an FDA inspector, you might say, “We are a new company, and this is our first FDA inspection. I am also a first-time quality manager. If you find anything that we are doing incorrectly, please let us know and we will make immediate corrections and start working on our CAPA plan.” You can say this with a smile :), and you can genuinely mean what you said because it’s true.
Anticipation is always worse than reality
Another reason you are scared of an FDA inspection is that you don’t know exactly when the inspection will be. Only Class III PMA devices, and a few Class II De Novo devices with novel manufacturing processes, require a pre-approval inspection. For the rest of the Class II devices, ORA prioritizes inspections based on risk. There are a few companies prioritized for inspection within the first six months of your initial FDA registration, such as reprocessors of single-use devices and contract sterilizers. For the rest of the Class II device manufacturers, your first inspection should be approximately two years after your company registers with the FDA. If you are located outside the USA (OUS), your first inspection might take three years to schedule. Finally, Class I device manufacturers and contract manufacturers, are unlikely to ever be inspected by the FDA. If you didn’t know what the typical timeline was for ORA to schedule your first inspection, you probably just breathed a HUGE sigh of relief when you read this paragraph.
Even if you already know the approximate timeline and priorities for FDA inspections, it’s normal to feel a little anxiety when the date of your first visit is unknown. Your boss and the rest of the top management are probably feeling just as much anxiety as you are, or even more if they have no idea what the timeline and priorities are. You should make sure that everyone in your company understands what they are supposed to do during an FDA inspection, and if you forget to tell them you might cause a lot of unneeded drama when they find out an FDA inspector is in the front lobby. Preparing for an FDA inspection is no different from conducting a fire drill. Everyone should know the procedure, and you should practice (i.e. conduct a mock FDA inspection). Practice ensures that everyone knows what to do during the first 30 minutes of an FDA inspection, and nobody in your company will panic when an FDA inspector actually arrives.
Let’s define “surprise” visits by an FDA inspector
A surprise visit from an FDA inspector is extremely rare, but in the USA inspectors will call on Friday to confirm that your company will be open the following Monday for an inspection. The FDA has jurisdiction over medical device manufacturers located in the USA, and they are not required to give advanced notice. However, inspectors need time to prepare in advance for their inspection–just like an ISO 13485 auditor. Therefore, before an inspector arrives on-site for a routine (Level 2) inspection, the inspector will first make a courtesy call to the official correspondent identified in your establishment registration.
What happens when an FDA inspector travels outside the USA
In the case of OUS medical device manufacturers, the FDA inspector does not have jurisdiction. Therefore, they will contact the official correspondent 6-8 weeks in advance to schedule an inspection. Inspectors will typically make contact via email, and you may be given a couple of weeks to choose from for the FDA inspection. The duration of your inspection should be 4.5 days. The inspector will arrive on Sunday, and the inspection will begin on Monday morning. The inspector has four major process areas to cover, and Friday morning will be focused on generating a preliminary report of 483 inspection observations. The reason why you can predict this OUS routine with a degree of certainty is two-fold: 1) these are government workers following a procedure, and 2) the FDA inspector needs time to get to the airport for their flight home.
What is the outcome of an FDA inspection?
FDA inspections have three possible outcomes:
No action indicated – there were no FDA 483 inspection observations identified by the FDA inspector
Voluntary action indicated – there was at least one FDA 483 inspection observation identified by the FDA inspector, and the FDA inspector requests submission of a CAPA plan to prevent recurrence
Official action indicated – there was at least one FDA 483 inspection observation identified by the FDA inspector, and the FDA inspector requires submission of a CAPA plan to prevent recurrence; if a plan is not received in 15 business days, a warning letter will automatically be generated on the 16 day
Even in the rare instances with there is “no action indicated” (i.e. best case scenario), I have always noticed one or more things during an FDA inspection that were overlooked and we needed to initiate a new corrective action plan(s). In the other two possible scenarios, the FDA inspector identified the need for one or more corrective action plans. Therefore, regardless of whether your FDA inspection results in the best-case scenario or the worst-case, you will always need to initiate a new corrective action plan(s).
If the outcome is always a CAPA, what should you do?
Give your FDA inspector a big smile and say, “We are a new company, and this is our first FDA inspection. I am also a first-time quality manager. If you find anything that we are doing incorrectly, please let us know and we will make immediate corrections and start working on our CAPA plan.” Making sure that you have a genuine smile is just as important as what you say. Smiling will relax you and the anxiety and stress you are feeling will gradually melt away. Smiling will encourage the FDA inspector to trust you. Maybe your smile will even be contagious.
If you need help responding to an FDA 483 inspection observation, or you want to conduct a mock-FDA inspection, please use our calendly app to schedule a call with a member of our team. We are also hosting a live webinar on FDA inspections on July 26, 2021 @ Noon EDT.
About the Author
Robert Packard is a regulatory consultant with 25+ years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Robert was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certification. From 2009-2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Robert’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone 802.258.1881 or email. You can also follow him on Google+, LinkedIn or Twitter.
